to

Why backup and restore

This is a quick guide demonstrating how you can backup and restore a MySQL database on Windows and Linux using Adminer.

You may need to know how to backup a restore a database for a number of reasons..

e.g

Send the database to someone to debug or give feedback while learning.

Move the database from a local machine to the cloud

Move the database from cloud vendor A to cloud vendor B

etc.

Advertisement:

Having a backup of the VM is good but having a backup of the database too is better. I use UpCloud for hosting my VM’s and setting backups is easy. But I cannot download those backups.

Murphy’s Law

“If anything can go wrong, it will”

The most important reason for taking a backup and knowing how to restore it is for disaster recovery reasons.

Backup (the easiest way) with Adminer

Adminer is a free PHP based IDE for MySQL and other databases. Simply install Adminer and save the file on your local computer or remote web server directory.

FYI: The Adminer author Jakub Vrana has a patron page, I am a patron of this awesome software.

Snip from Adminers website. “Adminer (formerly phpMinAdmin) is a full-featured database management tool written in PHP. Conversely to phpMyAdmin, it consist of a single file ready to deploy to the target server. Adminer is available for MySQL, MariaDB, PostgreSQL, SQLite, MS SQL, Oracle, Firebird, SimpleDB, Elasticsearch andMongoDB.”

TIP: The file would be publicly accessible to anyone so don’t save it to a common area, obfuscate the file, protect it of delete the file when you are done using it.

Advertisement:

Once Adminer is installed load it in a web browser, login with your MySQL credentials. Once you login you will see all databases and an Import and Export menu.

tbtest is a simple database with one table and 4 fields (ID, Key, Value and Modified)

.Click Export to open the export screen.

Click Export, a SQL file will be generated (this is the export of the database).

If I add a binary blob file to the table and upload a PNG file lets see how the export looks.

Advertisement:

Let export the database again in Adminer and check out the output. I used Sublime Text editor to view the export file.

Restore (the easiest way) with Adminer

OK lets delete the tbtest database and then restore it with Adminer. I used Adminer to delete (DROP) the database.

Database “dbtest” deleted.

Now lets create a blank database to restore to (same name).

Database created.

Advertisement:

Now lets import the database backup using Adminer.

Click Import, select the backup file and un-tick Stop on errors.

TIP: The 2MB next the the choose file button is defined by your web server and PHP configuration. If you are trying to import a larger database (e.g 80MB) first increase the limits in your web server and PHP (via php.ini).

The Import (restore should take seconds)

The database was imported from a backup, all tables and records imported just fine.

Bonus methods.

On Ubuntu use this guide to backup from the command line. If you use the Oracle MySQL Workbench read this.

On February 22nd 2017 CAA’s that issue https certificates are required to check what CAA’s are allowed to issue HTTP’s certificates for a website. To limit who can create HTTP’s certificates for your site all you need to do is specify a number of DNS records.

Advertisement:

DNSSEC

Before adding DNS CAA records ensure you have enabled DNSSEC for extra security, this is not needed to setup CAA records but it’s a good idea.

Backup your Nginx and Server before making any changes. The Nginx development branch is quite stable but anything can happen. If your site is mission critical then stay on the stable branch.

Nginx Branches

By default, you will most likely get the stable branch of Nginx when instaling and updating Nginx. I have been running the stable version for the last few years but was made aware of a DDoS vulnerability in Nginx.

I was aware recently of a DDoS bug affecting Nginx and the recommendation was to update ot Nginx 1.15.6 development branch (or 1.14.1 stable branch).

A few days ago no 1.14.1 update was available but a 1.15.6 was, should I switch to the development branch to get updates earlier?

Reminder to update your #nginx installations to the 1.14.1 stable or the 1.15.6 mainline versions for critical security patches released this week. #NGINXPlus customers, see instructions for updating based on the patch released 10/30 https://t.co/KitsOWIJkb

Changes with nginx 1.15.6 06 Nov 2018
*) Security: when using HTTP/2 a client might cause excessive memory
consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844).
*) Security: processing of a specially crafted mp4 file with the
ngx_http_mp4_module might result in worker process memory disclosure
(CVE-2018-16845).
*) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive",
"grpc_socket_keepalive", "memcached_socket_keepalive",
"scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives.
*) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL
1.1.1, the TLS 1.3 protocol was always enabled.
*) Bugfix: working with gRPC backends might result in excessive memory
consumption.
Changes with nginx 1.15.5 02 Oct 2018
*) Bugfix: a segmentation fault might occur in a worker process when
using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4.
*) Bugfix: of minor potential bugs.
Changes with nginx 1.15.4 25 Sep 2018
*) Feature: now the "ssl_early_data" directive can be used with OpenSSL.
*) Bugfix: in the ngx_http_uwsgi_module.
Thanks to Chris Caputo.
*) Bugfix: connections with some gRPC backends might not be cached when
using the "keepalive" directive.
*) Bugfix: a socket leak might occur when using the "error_page"
directive to redirect early request processing errors, notably errors
with code 400.
*) Bugfix: the "return" directive did not change the response code when
returning errors if the request was redirected by the "error_page"
directive.
*) Bugfix: standard error pages and responses of the
ngx_http_autoindex_module module used the "bgcolor" attribute, and
might be displayed incorrectly when using custom color settings in
browsers.
Thanks to Nova DasSarma.
*) Change: the logging level of the "no suitable key share" and "no
suitable signature algorithm" SSL errors has been lowered from "crit"
to "info".
Changes with nginx 1.15.3 28 Aug 2018
*) Feature: now TLSv1.3 can be used with BoringSSL.
*) Feature: the "ssl_early_data" directive, currently available with
BoringSSL.
*) Feature: the "keepalive_timeout" and "keepalive_requests" directives
in the "upstream" block.
*) Bugfix: the ngx_http_dav_module did not truncate destination file
when copying a file over an existing one with the COPY method.
*) Bugfix: the ngx_http_dav_module used zero access rights on the
destination file and did not preserve file modification time when
moving a file between different file systems with the MOVE method.
*) Bugfix: the ngx_http_dav_module used default access rights when
copying a file with the COPY method.
*) Workaround: some clients might not work when using HTTP/2; the bug
had appeared in 1.13.5.
*) Bugfix: nginx could not be built with LibreSSL 2.8.0.
Changes with nginx 1.15.2 24 Jul 2018
*) Feature: the $ssl_preread_protocol variable in the
ngx_stream_ssl_preread_module.
*) Feature: now when using the "reset_timedout_connection" directive
nginx will reset connections being closed with the 444 code.
*) Change: a logging level of the "http request", "https proxy request",
"unsupported protocol", and "version too low" SSL errors has been
lowered from "crit" to "info".
*) Bugfix: DNS requests were not resent if initial sending of a request
failed.
*) Bugfix: the "reuseport" parameter of the "listen" directive was
ignored if the number of worker processes was specified after the
"listen" directive.
*) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to
switch off "ssl_prefer_server_ciphers" in a virtual server if it was
switched on in the default server.
*) Bugfix: SSL session reuse with upstream servers did not work with the
TLS 1.3 protocol.
Changes with nginx 1.15.1 03 Jul 2018
*) Feature: the "random" directive inside the "upstream" block.
*) Feature: improved performance when using the "hash" and "ip_hash"
directives with the "zone" directive.
*) Feature: the "reuseport" parameter of the "listen" directive now uses
SO_REUSEPORT_LB on FreeBSD 12.
*) Bugfix: HTTP/2 server push did not work if SSL was terminated by a
proxy server in front of nginx.
*) Bugfix: the "tcp_nopush" directive was always used on backend
connections.
*) Bugfix: sending a disk-buffered request body to a gRPC backend might
fail.
Changes with nginx 1.15.0 05 Jun 2018
*) Change: the "ssl" directive is deprecated; the "ssl" parameter of the
"listen" directive should be used instead.
*) Change: now nginx detects missing SSL certificates during
configuration testing when using the "ssl" parameter of the "listen"
directive.
*) Feature: now the stream module can handle multiple incoming UDP
datagrams from a client within a single session.
*) Bugfix: it was possible to specify an incorrect response code in the
"proxy_cache_valid" directive.
*) Bugfix: nginx could not be built by gcc 8.1.
*) Bugfix: logging to syslog stopped on local IP address changes.
*) Bugfix: nginx could not be built by clang with CUDA SDK installed;
the bug had appeared in 1.13.8.
*) Bugfix: "getsockopt(TCP_FASTOPEN) ... failed" messages might appear
in logs during binary upgrade when using unix domain listen sockets
on FreeBSD.
*) Bugfix: nginx could not be built on Fedora 28 Linux.
*) Bugfix: request processing rate might exceed configured rate when
using the "limit_req" directive.
*) Bugfix: in handling of client addresses when using unix domain listen
sockets to work with datagrams on Linux.
*) Bugfix: in memory allocation error handling.

Development branch changes are made every few weeks and stable branch changes are made less often.

I have guides on setting up PHP 7 here on Digital Ocean, here on AWS and here on Vultr. I have tried upgrading to PHP 7.1 in the past with no luck (I forgot to change something and rolled back to 7.0).

FYI: I have a guide on setting up PHP child workers so the output from some commands below may be different than yours. Here are the steps I performed to install PHP 7.2 alongside 7.0 then switch. to 7.2.

Backup your system

Do perform a Snapshot or Backup before proceeding. Nothing beats a quick restore if things fail.

Note: Use this information at your own risk.

Updating php 7.2.12 to 7.2.12

Update your Ubuntu systems

apt-get update && apt-get upgrade

Updating from an older php (e.g 5.x, 7.1, 7.1 to say 7.2.12)

Backup PHP

cd /etc/php
zip -r php7.0backup.zip 7.0/

Install Helper

This software provides an abstraction of the used apt repositories. It allows you to easily manage your distribution and independent software vendor software sources. More Info

“In a nutshell, apt-get update doesn’t actually install new versions of the software. Instead, it updates the package lists for upgrades for packages that need upgrading, as well as new packages that have just come to the repositories.” from here

Although I am a developer I do like security related topics and I try and do as much as I can to secure my systems and applications. Reading the Multi-Factor Authentication Wikipedia page has all the details on Multi-Factor authentication.

1) I plugged in my Yubico Neo key into my USB slot. 2) I closed the Keyboard setup window that appeared (I guess the YubiKey is a kind of a keyboard to allow inserting of challenge-response character streams into apps and websites).

3) I followed the basic troubleshooting page and confirmed that the key was being detected (yes it was.)

4) I followed this guide to test U2F functionality and this guide to test OTP functionality. Web pages and Google Chome can talk to the plugged-in YubiKey(s).

I noticed the Yubico key touch panel was flashing. I pressed the button, then a response appeared below the input textbox. I copied this response text then insert your second key and perform the same test so I could compare the responses (they should be the same). They were.

If the responses don’t match rewrite the configuration to your primary and secondary keys and ensure the same key and secret was used for both keys.

FYI: I rewrote configuration a few times until I got it right.

Installing the Pluggable Authentication Module (PAM) on macOS

I re-read the Mac login guide here as I don’t want to lock myself out of my Mac.

“Program at least two YubiKeys when implementing a requirement for authentication with a YubiKey on your Mac. If you configure only one YubiKey and something happens to the YubiKey, you must restore the Mac from a Time Machine backup that you created before editing the authorization file before you can log back in to your account. ”

Reading the guide regarding multiple accounts (setting up a Key for each login). I have 5 logins on my Mac but when this works I will disable the other accounts from logging in.

Enable the use of the Yubico key when the screensaver is deactivated on macOS

I opened a terminal and edited “/etc/pam.d/screensaver ” (I use the easier nano editor)

I added the generated QR code details to the Android Authenticator and macOS Yubico Authenticator app. At first, I could not scan the QR code in macOS (was Mojave blocking this?), I manually entered the details (after confirming them from the Android app QR code scan).

Details:

Issuer: 1Password

Account Name: my.1password.com

Secret Key: ###################

Time: 30

Algorithm: SHA-1

Period: 30

Digits: 6

Now, 1Password web and the desktop app are asking for the 2-factor code (generated in the Yubico Authenticator app after I insert my YubioKey).

“Your 1Password account is now protected by two-factor authentication. From now on, you’ll need to enter a six-digit authentication code from your authenticator app when you sign in to 1Password on a new device.”

I logged in to 1Password from Google Chrome on Android and indeed I was prompted for a two-factor auth code form the Yubico Authenticator app (with a KubiKey inserted).

5) Accept and enter any SMS codes if you set up SMS Two Factor codes via SMS

6) Click “Review your login verification methods”

7) Click “Setup Key”

8) Insert Your YubiKey and follow the prompts to activate it.

9) Now the key will be requoted to log in to Twitter

Testing Two Factor Login to Twitter

I logged out of and back into Twitter but the SMS Two Factor Authentication method was still active?

I tried to disable the SMS method in Twitter but two factor was disabled altogether and the registered key was deleted. I re-added my key 🙁

I solved this by choosing “Choose a different verification method” when logging in then choosing “Use your security key“, Twitter then accessed my YubiKey and further login attempts used the key instead of SMS 🙂 I could use an Authenticator code but they YubiKey touch method is quicker.

Done

It would be nice if Twitter allowed multiple keys to be used to log in?

Escalating Federally (Federal cannot help until the TIO case is closed, Telstra will not close TIO case)

Telstra added a 2-week deadline to transfer the phone line (phone line back).

Have I been blacklisted by Telstra 13 22 00 support number (and reps says talk to your case manager)

Data stability issues remain

I was already with NBN (FTTN, ISP Name redacted) on a 50/20 Megabit plan and Telstra promised fibre to the house (FTTP) instead of FTTN and this is what happened (still unfolding…).

Advertisement:

Telstra NBN (FTTN)

You can read my change over from ADSL 2 to NBN posts here. I was paying for a 50 Megabit Down and 20 Megabit up plan and it was not very after 5 months. I am not into torrenting unless downloading essential Raspberry Pi images or Linux ISO images. I needed a faster and more reliable internet connection and phone line.

My landline was down for 30 days and because I had a stroke recently (all good touch wood) a working phone line is very important. My previous provider said they can’t escalate issues unless the data line is completely down. Some days the internet was fine other days it was terrible.

I was sent a number of routers from my previous ISP to try an diagnose the dead landline and bad NBN speeds.

I was sick of the poor speeds of FTTN NBN. I was frequently talking to my previous NBN provider and had to perform daily router reboots. Some days NBN 50 Megabit seemed like being on a modem on a good day or ADSL1 on a bad day.

All support calls with my previous ISP support usually went one of two ways

We cannot escalate this issue (dead landline/slow data speeds) to NBN because your router is “syncing” (all be it slowly and with a dead landline).

We will send you a new router (mostly with experimental firmware?).

The landline stopped working and we got used to rebooting the router multiple times a day.

P.S The real name provided by the Telstra Operator has been replaced with TelstraOperator (as I promised to hide names when asking for permission to post the conversation on my blog).

fyi: Alison and myself (Simon) are married.

> Info: Thank you for choosing Telstra 24×7 Live Chat. A representative will be with you shortly. At the conclusion of your chat please take a few moments to give us some feedback on your experience today. > Info: All agents are currently assisting others. Thank you for your patience. > Info: You are now chatting with TelstraOperator. > TelstraOperator: Welcome to Telstra, this is TelstraOperator one of the sales representatives. How may I help you today? > TelstraOperator: Hello Alison how are you? > Alison: (***Asked about switching NBN to Telstra***) > Alison: Do you we need to leave the current provider or can we transfer? > TelstraOperator: Could you please provide me your account /home number with complete name and Date of birth? I will quickly have a look. > … > Alison: (*** I provided my addresss ***) > Alison: (*** I provided my landline ***) >TelstraOperator: I Thought you are existing Telstra customer > Alison: Telstra mobile but (Previous ISP Name) phone > Alison: We want the phone and nbn to be on Telstra with mobile number > … > TelstraOperator: Thank you for the address, and yes while palcing the order you will get a option to enter your deatails, so our team will cancel your current broadband plan and switch to Telstra. > Alison: Nice > TelstraOperator: Thank you, (Please allow me a moment while i check the same in our system.) > Alison: Ok > Alison: I have an optus phone I am willing to switch ove too > Alison: Over > TelstraOperator: Greta, yes you can switch your number as well with us. > TelstraOperator: After running the serviceability check it was found that Telstra will be able to provide you service via NBN which is the fastest fiber optic based technology we offer, and with our NBN plan you will get 50 mbps speed . > Alison: Are you sure it’s fibre optic? > TelstraOperator: Great! Based on the information you have provided today, I would like to offer you _ our $79 plan for ***** gb data per month + new smart modem free , and pay as you go calls, however if you want the cals so you can add our calling pack any time for $10 unlimited loclam national ,Aus mobile calls . > TelstraOperator: And yes its a fibre optic . > Alison: Our nbn at present is copper vdsl > Alison: sounds great > Alison: Do we pay extra to upgrade our house line to fibre from copper? > TelstraOperator: Thank you, and like to > TelstraOperator: iNFORM* > TelstraOperator: Like to inform* > Alison: What deals can we get with a landline phone, nbn 50/20/***** and 1 or 2 mobiles a month? > Alison: Sounds good, thanks > TelstraOperator: After sign up our $79 plan our team will come to your place to set up our service for you,and there is only one time fee of $99 for activtion feeand this fee will be add on your firts bill , so no need to pay any thing right now , and this fee will cover all like set up , line connection technical team visiting etc. > TelstraOperator: And yes on $79 plan you can add mobile plan as well any time . > … > Alison: Can you double check please the fibre optic, is this to the house or nbn cabinet? > TelstraOperator: Sur > TelstraOperator: sure* > Alison: Can I share these awesome details on my blog? So sick of (*** Previous ISP Name ***) NBN > TelstraOperator: Thank you for waiting, as I have checked and confirm with my team as well, so yes fibre optic its availabl. > TelstraOperator: Order Processing You will have to place an order from the Telstra website itself, I will help you with the process whenever you are ready. > Alison: fibre to the house? > … > TelstraOperator: Yes , You can connect to the nbn™ network via Fibre to the Curb technology. > TelstraOperator: Fibre. > Alison: Oh, so it’s not fibre to the house but copper from the house to the node then fibre the exchange from the node > TelstraOperator: Yes, but do noty worry. > TelstraOperator: As I have inform you > Alison: yes fibre or copper from the house? Huge differences. > TelstraOperator: That after signup the plan our team will come to your place to do all teh set up from your streret to your house > TelstraOperator: With a fibre . > Alison: Sorry to be a pain and ask for clarification but it’s copper from the house to the node not fibre. Answers being blogged here for other to read https://fearby.com/article/upgrade-adsl2-fttn-nbn-national-broadband-network-australia-journey/ > TelstraOperator: I understand it’s been an inconvenience and I’m sorry., but let me explain . > Alison: Not sure it’s legal for you to say I can get fibre nbn when it’s copper to the node? > TelstraOperator: As I have inform that our team will set up the service from your street to your home, it means our team will do the new cabling from your strtyee to your home, of fibre . > Alison: FttN or FttC > TelstraOperator: For thaat reason only there is one time fee of $99 . > Alison: Awesome > Alison: Do we pay for the fibre from our house to the street? Our driveway is 80m long > … > Alison: Nice, based on your advice of new fibre and price, we will signup ASAP, do you have a reference number we can use to lock this in? > TelstraOperator: Thank you we can sign up the plan now as well > TelstraOperator: And after sign u p the plan our team will call you with i 24 hours for the confirmatoin. > TelstraOperator: Order Processing You will have to place an order from the Telstra website itself, I will help you with the process whenever you are ready. > Alison: I need to confirm we can exit our nbn plan from the current provider first > Alison: do you have a reference number for this chat? > Info: The chat transcript will be sent to: [email protected] at the end of your chat. > : ThatTelstraOperator’s fine , no worries please take your time,and once your ready so please feel free to chat back with us > TelstraOperator: I hope I have replied all your queries successfully? > Alison: It has, awesome news tekstea > Alison: telstra > TelstraOperator: Thank you,I have a small favour to ask. > TelstraOperator: It has been a pleasure serving you, please take a few moments to give us some feedback on your experience today. Please Initiate the End Chat Session Now, by clicking the (+) sign, and Select the ‘End Chat Conversation’ and you can also get a copy of our chat transcript by selecting ‘Email Transcript’ button. > TelstraOperator: Thank you,I am glad I was able to assist. Is there anything else I could help you with today? > Alison: Yep, can I share this info on my personal blog? happy to blur out names. > TelstraOperator: yes of cource you camn > Info: The chat transcript will be sent to: [email protected] at the end of your chat. > TelstraOperator: can* > …

Summary

TelstraOperator: Great! Based on the information you have provided today, I would like to offer you _ our $79 plan for ***** gb data per month + new smart modem free , and pay as you go calls, however if you want the cals so you can add our calling pack any time for $10 unlimited loclam national ,Aus mobile calls .

TelstraOperator: And yes its a fibre optic .

Alison: Do we pay extra to upgrade our house line to fibre from copper?

Alison: Can you double check please the fibre optic, is this to the house or nbn cabinet?

TelstraOperator: Thank you for waiting, as I have checked and confirm with my team as well, so yes fibre optic its availabl.

Alison: fibre to the house?

TelstraOperator: As I have inform that our team will set up the service from your street to your home, it means our team will do the new cabling from your strtyee to your home, of fibre .

Alison: Do we pay for the fibre from our house to the street? Our driveway is 80m long

Alison: Nice, based on your advice of new fibre and price, we will signup ASAP, do you have a reference number we can use to lock this in?

I was left thinking that I was being offered fibre to the house (FTTP – fibre laid up my driveway).

Telstra promise of Fibre (FTTN)?

Street to the house cabling (Fibre).

Fibre to the house sounds awesome.

Advertisement:

Exiting my contact with my previous ISP

I asked my previous ISP to release me from the contract I was in (given the ongoing issues)

My previous ISP called and said that I can leave the contract 🙂

2nd Telstra Inquiry (and switchover to FTTN)

On the 3rd of July 2018, I contacted Telstra Chat to confirm fibre again and to switch over if it was fibre.

P.S The real name provided by the Telstra Operator has been replaced with TelstraOperator (as I promised to hide names when asking for permission to post the conversation on my blog).

> Info: Thank you for choosing Telstra 24×7 Live Chat. A representative will be with you shortly. At the conclusion of your chat please take a few moments to give us some feedback on your experience today. > Info: You are now chatting with TelstraOperator. > TelstraOperator: Welcome to Telstra, this is TelstraOperator one of the sales representatives. How may I help you today? > TelstraOperator: Hello Simon , how are you? > Simon Fearby: Hello, (Previous ISP Name Redacted) just said I can exit a 50/20 NBN contract early so I can switch to Telsta NBN (Connect Plus) > Simon Fearby: Shall I cancel with (Previous ISP Name Redacted) then signup with Telstra to make things smoother or transfer and have Telstra pull the number etc? > TelstraOperator: That’s good to know, and good choice of plan, Sure I Telstra sure provide teh service,and Telstra will cancel yourt current (Previous ISP Name Redacted) plan as well . > TelstraOperator: While placing the order you will get a option to enter your (Previous ISP Name Redacted) details > Simon Fearby: So I should signup with Telstra, enter address and number and then have Telstra pull services then call (Previous ISP Name Redacted) to ensure all is cancelled? > Simon Fearby: Nice. > TelstraOperator: Yes corret . > TelstraOperator: Can I have your complete address to perform a serviceability check for you? > Simon Fearby: I cant wait, Telstra’s service sounds great. > Simon Fearby: (*** I provided my addresss ***) > TelstraOperator: Thank you, in our $79 plan you will gte ***** gb data per month+ new smart modem free , no calls included , however if you want the calls so you can add our $10 calling pack for ulnimited local, natioanl ,Aus mobile calls . > Simon Fearby: Thanks > Simon Fearby: We dont make many calls. 🙂 > Simon Fearby: So we signup online? > TelstraOperator: After running the serviceability check it was found that Telstra will be able to provide you service via NBN which is the fastest fiber optic based technology we offer, and with our NBN $79 plan you will gte 50 mbps speed. > Simon Fearby: Do we pay extra for fibre to be installed? > TelstraOperator: Once the order will be placed, soon you will receive an email and SMS about the package details. The plan/bundle will be activated in your account within 5 to 7 business working days based upon cabling work required . The necessary devices will be sent within 5-7 business working days, and if you want in urgent so while placing the order you can select connect me soon option. > TelstraOperator: NO , There is only one time cost for $99 for activtion fee, and thsi fee will be add on your First bill so no need to pay any thing right now , and this fee will cover all like set up, line connectiojn , technical team visiting etc. > Simon Fearby: Thanks for your information, this has made me decide switch 🙂 > TelstraOperator: Great, Order Processing You will have to place an order from the Telstra website itself, I will help you with the process whenever you are ready. > Simon Fearby: Will do tonight. > Simon Fearby: Thanks TelstraOperator > TelstraOperator: Sure, but I like to suggest to go right now > TelstraOperator: Because I will be there online for you > Simon Fearby: go and get connected? > TelstraOperator: So if you stuck in ay question so i can help you > … > TelstraOperator: So you can sign up the plan any time . > Simon Fearby: Just to confirm we dont need to pay for the fibre optic trench form the cabinet to the house up our driveway? > TelstraOperator: No need to pay any extra > TelstraOperator: The $99 wil cover all. > TelstraOperator: will * > Simon Fearby: Im happy to switch now, just got the ok. > TelstraOperator: Awesome, so shall we go a head to sign up the $79 plan ? > Simon Fearby: Yep. > TelstraOperator: Sure captain . > TelstraOperator: https://www.telstra.com.au/broadband/plans-bundles > Simon Fearby: Lets do this > … > TelstraOperator: please visit the above link to sign up the $79 p;lan > Simon Fearby: done > TelstraOperator: After visit the link, please enter your address. > Simon Fearby: I can self install > TelstraOperator: Yes > : You have to select self install option. > TelstraOperator: When you click ‘select’, it will take you to the online order form. You will have to fill the details and pass me the Order Reference Number that is generated after the order is placed successfully for further processing. > Simon Fearby: doing now 🙂 > Simon Fearby: Whats “Registered Priority Assistance customer.”? > TelstraOperator: Sure,please take your time, and once you done, please pass me the order id munnuimber for the further process, and Thank you. I am there online in case you need any help. > TelstraOperator: We offer Priority Assistance which is a free service designed to help customers who have (or are living with someone who has) a diagnosed life threatening medical condition and whose life may be at risk without access to a fully operational phone service. Eligible customers can register for Priority Assistance and we will install a Priority Assistance customer’s first home phone line at their address as quickly as possible. > Simon Fearby: just confirming phone bundle > TelstraOperator: Yes > Simon Fearby: can i select the $10 unlimited calls option later? > TelstraOperator: yes of cource > Simon Fearby: “Yes, with another service provider and I want to switch to Telstra” = (Previous ISP Name Redacted)? > TelstraOperator: you can add the add on stuiff any time . > TelstraOperator: Stuff* > Simon Fearby: nice > TelstraOperator: Yes correct ,and enter your (Previous ISP Name Redacted) details. > Simon Fearby: “Connection Type” = Cable Other? > TelstraOperator: please select other . > TelstraOperator: As part of your service, your name, address and phone number will be published in the printed and online White Pages directories and available from Directory Assistance. If you don’t want your details published, we offer a private number service called Silent Line free per month. We’ll also block your number so that when you call others they won’t be able to see your number. It’s important to know that a Silent Line alone won’t stop all telemarketing or unwanted calls. Would you like a silent Line? > TelstraOperator: As part of the Telstra family it’s important to know all the best ways you can make changes and view your account online. Your first stop for all things related to your account is My Account found at: https://www.my.telstra.com.au. Here you can view your accounts, current invoices and make change requests to your accoun > TelstraOperator: The whole process takes anywhere from 5 to 7 business days to get you connected after you sign-up. > TelstraOperator: You won’t be charged for any excess broadband usage, however your speed will be shaped to 256 kbps for that month or until you do a data top-up. > TelstraOperator: Your Telstra Technician will call when they’re on their way. Please allow around 4 to 5 hours for your appointment. You must have : an authorised representative on your account on site and available during your appointment(s), access to all work areas (including any required work permits), access to any service configuration emails that we’ve sent you, access to any relevant usernames and passwords. If your installation requires any non-standard services or equipment, your technician will discuss your options and let you know any extra costs before commencing work. > TelstraOperator: We offer the option to connect to the nbn network if you’re confident with installing your own devices and if your home set-up is fairly simple, this would be the ‘Self Install’ option. If a standard Professional Installation/ tech visit is required, there will be a charge of $240 (one off). The $240/standard Professional Installation/ tech visit fee is available on a 12 month service repayment option. Additional costs will apply if you have complex cabling requirement > Simon Fearby: DONE. > TelstraOperator: There must be a working phone line/cable in the property for Telstra to provide services. If cabling is required, additional charges may incur. > TelstraOperator: https://www.telstra.com/content/dam/tcom/personal/help/pdf/cis-personal/bundles-c/personal-critical-information-summary-telstra-plans-bundles-MOSC2160.pdf > TelstraOperator: The above link its for our $79 Critiacl info summary , so you can go throuigh it any time . > Simon Fearby: how do i pay? > TelstraOperator: you will get a bil after 30 days . > Simon Fearby: What about $99 setup fee? > TelstraOperator: It will add on your First bill. > TelstraOperator: And from second montyh it will be $79 per month . > Simon Fearby: Nice. > Simon Fearby: When will the fibre be connected to the house and router turn up? > TelstraOperator: After sig up the plan our team will come to your place to set up our service for you, and our team will call you with in 24 hours for the confirmation. > Simon Fearby: Thanks > TelstraOperator: Thank you, once you done please pass me the order number / > Simon Fearby: Today? > Simon Fearby: So I check email? > Simon Fearby: ######## > Simon Fearby: What’s next? We’ll process your request within 24-48 hours and contact you to clarify details of your order if required. Your order Order reference number: NA######## > TelstraOperator: NO , OUR team will create a pass word them you can checked the email . > Simon Fearby: thanks, so that is? > TelstraOperator: Fantastic,thank you for the order id number, soon you will receive an email and SMS about the package details. and one call fro our team with in 24 hours for the confirmation. > … > TelstraOperator: Just to summarise what you have purchased today our $79 copnnet plus plan with NBN > TelstraOperator: My account As part of the Telstra family it’s important to know all the best ways you can make changes and view your account online. Your first stop for all things related to your account is My Account found at: https://www.my.telstra.com.au. Here you can view your accounts, current invoices and make change requests to your account. > TelstraOperator: CrowdSupport If you have further questions about your services in the future, I also recommend visiting our crowdsupport page at: https://crowdsupport.telstra.com.au/. This is a digital community providing support and answers to a list of commonly asked questions by our customers. Have a browse and ask a question, there are no bad questions. > Simon Fearby: Yes, with pay as you go phone. > TelstraOperator: I hope I have replied all your queries successfully? > TelstraOperator: Yes correct . > Simon Fearby: Thanks, can I tell my friends on blog how awesome Telstra are? > Simon Fearby: https://fearby.com > TelstraOperator: YES please . > Simon Fearby: Thanks > … > TelstraOperator: It has been a pleasure serving you, please take a few moments to give us some feedback on your experience today. Please Initiate the End Chat Session Now, by clicking the (+) sign, and Select the ‘End Chat Conversation’ and you can also get a copy of our chat transcript by selecting ‘Email Transcript’ button. > … > TelstraOperator: Thank you for visiting Telstra, have a nice day.

Summary

> TelstraOperator: After running the serviceability check it was found that Telstra will be able to provide you service via NBN which is the fastest fiber optic based technology we offer, and with our NBN $79 plan you will gte 50 mbps speed. > Simon Fearby: Do we pay extra for fibre to be installed? > Simon Fearby: Just to confirm we dont need to pay for the fibre optic trench form the cabinet to the house up our driveway? > Simon Fearby: When will the fibre be connected to the house and router turn up?

V5.0 Re adding advertisements’s to this blog post to help pay for my mobile data.

V4.9 Splitting the guide into 4 parts (it is too long and I cant edit on my phone).

V4.8 CEO comments

V4.7 microchip details invalid.

V4.6 two more weeks to wait.

V4.5 two months on

V4.4 deadlines passed, escalating.

V4.3 FTTN running very slowly.

V4.2 my desire for FTTP is my fault?

V4.1 Error porting number.

V4.0 50/20 FTTN is back up.

V3.9 replacement router received.

V3.8 Donated $10 USD to the Electronic Frontier Foundation – The leading nonprofit defending digital privacy, free speech, and innovation (to cover any revenue gained from an ad’s in the post sidebar (no ads are in the header or content).

This is a quick post that shows how I upgraded to Wordfence Premium to get real-time defence feeds, malware scanner and two-factor authentication for WordPress logins

Advertisement:

Aside

If you have not read my previous posts I have now moved my blog to the awesome UpCloud host (signup using this link to get $25 free UpCloud VM credit). I compared Digital Ocean, Vultr and UpCloud Disk IO here and UpCloud came out on top by a long way (read the blog post here). Here is my blog post on moving from Vultr to UpCloud.

Buy a domain name here

Now on with the post.

What is Wordfence

WordFence is a free WordPress plugin (install guide here) that helps protect your WordPress site by logging and blocking bad events. I was a big fan of the Wordfence sister program called GravityScan (before it was retired)

I had a 5-year-old scan of a subdomain (that was hosted on a CPanel Host). The subdomain had false positives for malware.

Working to remove the false positive was a lengthy process.

You should aim to stay off the radar or many site scanning, check VirusTotal often to keep your self-updated as to the status of your website. Wordfence will hopefully detect real malware issues automatically in the future.

Update: Wordfence support replied and said “Thanks for writing in. We do detect the EICAR test file, but scans don’t scan file types that aren’t dangerous on a site by default, since scans would waste a lot of time on files that aren’t exploitable.“

I disagree a virus is a virus.

Wordfence says “A Wordfence scan examines all files on your WordPress website looking for malicious code, backdoors, shells that hackers have installed, known malicious URLs and known patterns of infections.”

I guess “all” does not mean “all”?

Wordfence support said EICAR files are detected if I rename the file to php. I renamed the file and to enabled “Scan images, binary, and other files as if they were executable“.

I started a new scan

> Scan Failed >The scan has failed because we received an unexpected response from the Wordfence servers. This may be a temporary error, though some sites may need adjustments to run scans reliably

🙁

Advertisement:

I scanned my system with ClamAV and it found the EICAR file.

clamscan -r --bell -i /www-root

Result:

/www-root/eicar.txt: Eicar-Test-Signature FOUND

ClamAV found the virus.

Setting up Two Factor Authentication (work in progress)

Add your desired user and number

Click Enable User

Wait for the text message and activation code (on your phone)

Enter the activation code and press Activate

The two-factor authentication should be activated

List of two-factor authorization enabled users.

I logged out of WordPress and logged back in but the two-factor auth did not work, I logged a support Ticket with my theme maker and WordFence.

Update: Wordfence Support “Wordfence > Tools > Two Factor Authentication options there is an option for Enable Separate Prompt for Two Factor Code which you could disable and try.“

This fix did not work. I sent a 2nd diagnostics report to Wordfence.

Wordfence support said

>When our two-factor authentication feature allows you to login bypassing the need to enter the authentication code it is typically because of these possible reasons:

> 1) The user has whitelisted their IP address in the advanced firewall option “Whitelisted IP addresses that bypass all rules“.

>2) Another plugin, or possibly a theme, that creates non-standard WordPress behaviour such as user role and capabilities modification, or that modifies the login flow process in some way.

This is how I set up a dedicated Debian subdomain (VM), Installed MySQL 14 and connected to it from a WordPress installation on a different VM

Advertisement:

Aside

If you have not read my previous posts I have now moved my blog to the awesome UpCloud host (signup using this link to get $25 free UpCloud VM credit). I compared Digital Ocean, Vultr and UpCloud Disk IO here and UpCloud came out on top by a long way (read the blog post here). Here is my blog post on moving fearby.com from Vultr to UpCloud.

Buy a domain name here

Now on with the post.

Fearby.com

I will be honest, fearby.com is my play server where I can code, learn about InfoSec and share (It’s also my stroke rehab blog).

There is no faster way to learn than actually doing. The problem is my “doing” usually breaks the live site from time to time (sorry).

I really need to set up a testing environment (DEV-TEST-LIVE or GREEN-BLUE) server(s). GREEN-BLUE has advantages as I can always have a hot spare ready. All I need to do is toggle DNS and I can set the GREEN or BLUE server as the live server.

But first I need to separate my database from my current fearby.com server and setup up a new web server. Having a Green and Blue server that uses one database server will help with near real-time production website switches.

sudo mysql_secure_installation
Enter password for user root:
********************************************
VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?
Press y|Y for Yes, any other key for No: No
Using existing password for root.
Change the password for root ? ((Press y|Y for Yes, any other key for No) : No
... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.
Remove anonymous users? (Press y|Y for Yes, any other key for No) : Yes
Success.
Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : No
... skipping.
By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Yes
- Dropping test database...
Success.
- Removing privileges on test database...
Success.
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Yes
Success.
All done!

I ran these statements to grant the user logging in on the nominate IP’s access to MySQL.

mysql>
GRANT ALL ON databasenmae.* TO [email protected] IDENTIFIED BY '***********sql*user*password*************';
GRANT ALL ON databasenmae.* TO [email protected] IDENTIFIED BY '***********sql*user*password*************';
GRANT ALL ON databasenmae.* TO [email protected] IDENTIFIED BY '***********sql*user*password*************';
GRANT ALL ON databasenmae.* TO [email protected] IDENTIFIED BY '***********sql*user*password*************';

Nice, I seem to have shaved off 0.3 seconds in load times (25% improvement)

Update: Using a Private IP or Public IP between WordPress and MySQL servers

After I released this blog post (version 1.0 with no help from UpCloud) UpCloud contacted me and said the following.

Hello Simon,
I notice there's no mention of using the private network IPs. Did you know that we automagically assign you one when you deploy with our templates. The private network works out of the box without additional configuration, you can use that communicate between your own cloud servers and even across datacentres.
There's no bandwidth charge when communicating over private network, they do not go through public internet as well. With this, you can easily build high redundant setups.
Let me know if you have any other questions.
--
Kelvin from UpCloud

I will have updated my references in this post and replace the public IP address (that is linked to DNS record for db.fearby.com) and instead use the private ip address (e.g 10.x.x.x), your servers private IP address is listed against the public IPv$ and IPv6 address.

I checked that the local ufw firewall did indeed allow the private IP access to MySQL.

sudo ufw status numbered |grep 10.x.x.x
[27] 3306 ALLOW IN 10.x.x.x

On my new Debian MySQL server, I edited the file /etc/mysql/my.cnf and changed the IP to the private IP and not the public IP.

Here is how I added two subdomains (one pointing to a new UpCloud VM and the other pointing to an NGINX subsite) on Ubuntu 18.04

Advertisement:

If you have not read my previous posts I have now moved my blog to the awesome UpCloud host (signup using this link to get $25 free credit). I compared Digital Ocean, Vultr and UpCloud Disk IO here and UpCloud came out on top by a long way (read the blog post here). Here is my blog post on moving from Vultr to UpCloud.

Because I had an existing Comodo certificate on https://fearby.com I am going to repeat the steps above to generate a new certificate but save the NGINX config to /etc/nginx/sites-available/audit.fearby.com (this activates the second site)

Disclaimer

Terms And Conditions Of UseAll content provided on this "www.fearby.com" blog is for informational purposes only. Views are his own and not his employers. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. Never make changes to a live site without backing it up first.

Some ads on this site use cookies. You can opt-out if of local analytics tracking by scrolling to the bottom of the front page or any article and clicking "You are not opted out. Click here to opt out.". AcceptRejectRead More

GDPR, Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.